
NOTICE UPDATED - May, 29th 2024

The NVD has a new announcement page with status updates, news, and how to stay connected!


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2024-36837 - SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.
    Published: June 05, 2024; 11:15:11 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-5629 - An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.
    Published: June 05, 2024; 11:15:12 AM -0400

    V3.1: 8.1 HIGH

  • CVE-2024-35674 - Missing Authorization vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates). This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.109.
    Published: June 05, 2024; 1:15:13 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-20405 - A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a stored XSS attack by exploiting an RFI vulnerability. This vulnerability is due to insufficient validation of u... read CVE-2024-20405
    Published: June 05, 2024; 1:15:12 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-24790 - The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
    Published: June 05, 2024; 12:15:10 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-36129 - The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumptio... read CVE-2024-36129
    Published: June 05, 2024; 2:15:10 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-5184 - The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to le... read CVE-2024-5184
    Published: June 05, 2024; 2:15:11 PM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2024-4009 - Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System
    Published: June 05, 2024; 2:15:11 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-4008 - FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System
    Published: June 05, 2024; 2:15:11 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2020-36599 - lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.
    Published: August 18, 2022; 7:15:08 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2019-8354 - An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.
    Published: February 15, 2019; 6:29:00 PM -0500

    V3.1: 5.0 MEDIUM
    V2.0: 4.3 MEDIUM

  • CVE-2023-49927 - An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. The baseban... read CVE-2023-49927
    Published: June 05, 2024; 3:15:11 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2023-49928 - An issue was discovered in Samsung Mobile Processor, Automotive Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. The baseban... read CVE-2023-49928
    Published: June 05, 2024; 3:15:11 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-50803 - An issue was discovered in Samsung Mobile Processor, Automotive Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 2200, 1280, 1380, 1330, Modem 5123, Modem 5300, and Auto T5123. The baseband software does not properly check replay... read CVE-2023-50803
    Published: June 05, 2024; 3:15:11 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2023-38430 - An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.
    Published: July 17, 2023; 8:15:09 PM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2023-38431 - An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading t... read CVE-2023-38431
    Published: July 17, 2023; 8:15:09 PM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2023-39331 - A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility... read CVE-2023-39331
    Published: October 18, 2023; 12:15:11 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-5157 - A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service.
    Published: September 27, 2023; 11:19:41 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-30332 - In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote att... read CVE-2022-30332
    Published: January 10, 2023; 4:15:11 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2024-0570 - A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The att... read CVE-2024-0570
    Published: January 16, 2024; 9:15:48 AM -0500

    V3.1: 9.1 CRITICAL

Created September 20, 2022, Updated May 29, 2024